AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 18: Cisco Email Encryption
• Overview of Cisco Email Encryption
• How to Encrypt Messages with a Local Key Server
• Encrypting Messages using the Email Security Appliance
• Determining Which Messages to Encrypt
• Inserting Encryption Headers into Messages
Overview of Cisco Email Encryption
AsyncOS supports using encryption to secure inbound and outbound email. To use this feature, you
create an encryption profile that specifies characteristics of the encrypted message and connectivity
information for the key server. The key server may be either:
• The Cisco Registered Envelope Service (CRES), a managed service, or
• A Cisco Encryption appliance (locally managed server)
Next, you create content filters, message filters, and Data Loss Prevention policies to determine which
messages to encrypt.
1. An outgoing message that meets the filter condition is placed in a queue on the Email Security
appliance for encryption processing.
2. Once the message is encrypted, the key used to encrypt it is stored on the key server specified in the
encryption profile and the encrypted message is queued for delivery.
3. If a temporary condition prevents encryption of the messages in the queue (i.e., the C-Series
appliance is temporarily busy or CRES is temporarily unavailable), the messages are re-queued and
retried at a later time.
Note: You can also set up the appliance to first attempt to send a message over a TLS connection before
encrypting it. For more information, see Using a TLS Connection as an Alternative to Encryption,
page 18-9.